On 8/9/22 16:02, Dino Edwards wrote:
>
>> It's absolutely not forwarding. It's resolving recursively. I'm using
>> unbound with pfsense and I'm suspecting there is something wrong with it.
>> When I point to MS DNS server or 9.9.9.9, it's resolving correctly.
>
> The issue has been resolved. Just in case someone finds the solution useful,
> pfsense by default has rebind protection enabled which disables DNS
> responses using rfc1918. So disabling rebinding DNS protection in pfsense is
> the solution.

Unbound allows configuring rebinding protection in unbound.conf. You should allow only the expected RFC1918 addresses, not all of them and certainly not loopback. What RFC1918 addresses are you seeing?

--
Sincerely,
Demi Marie Obenour (she/her/hers)
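
The following unbound.conf fragment is an added example, not part of the original message or of any pfSense-generated configuration. It keeps rebinding protection on and exempts a single internal zone by name; the zone `corp.example` is a hypothetical placeholder, since the thread does not say which names or addresses are involved.

```conf
# unbound.conf fragment (added example; corp.example is a hypothetical zone)
server:
    # Rebinding protection: addresses in these ranges are removed from
    # answers for public names, so an outside name cannot be pointed at
    # an internal or local host.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    # Loopback stays filtered as well. Note that DNS blocklists which
    # answer with 127.0.0.x codes will stop working through this resolver.
    private-address: 127.0.0.0/8

    # Narrow exemption: only this zone and its subdomains may resolve to
    # private addresses. Every other name is still filtered.
    private-domain: "corp.example"
```

`private-domain` scopes the exemption by name rather than by address, so list only zones you control. `unbound-checkconf` validates the file before the resolver is restarted.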